SSO (Single Sign-On) Configuration and Use

• SSO stands for Single Sign-On. It is a method that enables signing in with a single set of credentials to access Multiple Certain services.
• This article describes how to configure and use SSO within the Certain platform.
• The audience for this content includes Administrators, Event Builders, and attendees using forms, the Mobile Web App, the Speaker Portal, or the Reviewer Portal.

SSOs in Certain

• There are three types of SSO: ADMIN SSO, ATTENDEE LOGIN SSO, and CHECK-IN APP SSO.
• An Admin SSO allows Certain administrators to log in without using their Certain username and password, provided a matching User record exists in Certain.
• Attendee SSOs enable attendees to sign in for registration forms, the Mobile web app, the Speaker Portal, and the Reviewer Portal.
• Check-In App SSO enables Certain users to sign in to the Check-In app using SSO credentials.

Admin SSO

• ADMIN SSO is for Certain users logging in to the Certain app.
• If Certain has configured an ADMIN SSO for the system (on Account Settings > Management > Single Sign-On), then users of the Certain platform who have signed in to the corporate system do not have to enter another username and password to access Certain.
• These admin users must still have a matching User record in Certain.
• Note: Only one ADMIN SSO can be activated for a system at any one time.

Attendee SSO

• ATTENDEE LOGIN SSO is for attendees logging in to registration forms or the Mobile web app, for speakers logging in to a Speaker Portal, and for reviewers logging in to a Reviewer Portal.
• System: Certain creates and sets up one or more Attendee SSOs for the system (System Master users only).
• Account: Enable SSO(s) for each account and sub-account in which the SSO will be used.
• Note: For an SSO to be available in a sub-account, it must first be enabled in the parent account.
• Go to Account Settings > Management > Single Sign-On and select Enabled for the SSO(s) to be available.
• You can edit the SSO configuration in the next steps.
• Account: Configure SSO field mappings.
• An Administrator maps IDP fields to Certain Fields.
• In a sub-account, mappings are independent of the parent account; mappings are not inherited.
• On Account Settings > Management > Single Sign-On, click the enabled SSO and select the Certain Fields to map to the IDP Fields.
• The Profile First Name and Profile Last Name in Certain must be mapped to the equivalent IDP fields.
• Important: Do not map Profile First Name and Profile Last Name to the same IDP field.
• Account: Customize SSO button (Optional).
• An Administrator can customize the appearance of the SSO button for each SSO connection used on Forms, Mobile, the Speaker Portal, and the Reviewer Portal.
• On Account Settings > Management > Single Sign-On, click the button for an enabled SSO and edit the Button settings (color, text, icon, and class).
• The button settings for an SSO Connection are used on all forms using that connection; the same settings are used for Mobile, the Speaker Portal, and the Reviewer Portal if those are configured to use the same connection. Do not edit these settings further at the lower levels.
• Event: An Administrator enables the Single Sign-On module for the event.
• In the event, go to Plan > Configure > Options, and select the Single Sign-On Module under Functional Areas to be enabled for this event.
• Event: An Administrator configures the SSO for the event.
• In the event, go to Plan > Configure > Single Sign-On, and select the Enabled check box for the SSO(s) to be available for use in the event.
• This makes the SSO available to the event’s forms, its Mobile web app, its Speaker Portal, and its Reviewer Portal.
• Note: You do not edit an SSO at the event level; you simply select its check box in the list of SSOs.

In Forms

• Attendees registering on registration forms, or logging back in to a form after having registered, use the following steps after the initial six steps above.
• Form: An Event Builder selects the SSO(s) to be available on a form.
• In the event, go to Plan > Forms > Entry to edit the Entry section for the form, and select the SSO(s) to be used.
• The list available is of those enabled in step 6 above.
• Attendees: When an attendee is registering on that form, they can click a button on the entry page to pre-populate their details.
• Attendees: After an attendee has registered using an SSO, they can log back in using the same SSO, or their Username and Password, but not using a different SSO.
• Example: If the form offered the choice of LinkedIn and Facebook, and the attendee used LinkedIn to register, they could not use Facebook to log back in.
• Note: An attendee who registered without using an SSO cannot log back in to the registration using one; they can only log in using their Username and Password.

For a Certain Mobile HTML5 Web App

• Attendees logging in to a Certain Mobile web app use the remaining steps after the Form steps above.
• Mobile: An Event Builder selects the SSO(s) to be available on the page of the Mobile web app.
• Attendees: If an attendee registered using an SSO on Forms, they can click the same button on the Mobile login page to use those credentials.
• Note: An attendee who registered without using an SSO cannot log in to the Mobile web app using one; they can only log in with Username and Password.

For a Speaker Portal

• Available only if these options are enabled for the event (in Plan > Configure > Options): Speaker and Session Management module and Conference Sessions option.
• Speaker Portal: An Event Builder selects the SSO(s) to be available on the Speaker Portal page.
• In the event, go to Manage > Speakers and Sessions > Speaker Portal to edit the page and select the SSO(s) to be used.
• Speakers: When a speaker first registers in the Speaker Portal, they can click a button on the page to pre-populate their details using those credentials.
• Speakers: After a speaker has registered using an SSO, they can log in to the Speaker Portal using the same SSO, or their Username and Password, but not a different SSO.
• Example: If the Speaker Portal offered LinkedIn and Facebook, and the speaker used LinkedIn to register, they could not use Facebook to log in.
• Note: A speaker who registered without using an SSO connection cannot log in using one; they can only log in using their Username and Password.

For a Reviewer Portal

• Available only if these options are enabled for the event (in Plan > Configure > Options): Speaker and Session Management module and Conference Sessions option.
• Reviewer Portal: An Event Builder selects the SSO(s) to be available on the Reviewer Portal page.
• In the event, go to Manage > Speakers and Sessions > Reviewer Portal to edit the page and select the SSO(s) to be used.
• Reviewers: When a reviewer goes to the Reviewer Portal, they can click a button on the Login page to pre-populate their details using those credentials.
• Reviewers: After a reviewer has registered using an SSO, they can log in to the Reviewer Portal using the same SSO, or their Username and Password, but not a different SSO.
• Note: A reviewer who registered without using an SSO connection cannot log in using a single SSO; they can only log in using their Username and Password.

"Check-In App" SSO

• CHECK-IN APP SSO applies to the Certain Check-In app for the system.
• If Certain has configured a "CHECK-IN APP" SSO, Check-In users can log in with their SSO credentials instead of their Certain username and password.
• These Check-In users still need to have a User record in Certain.
• The workflow is straightforward:
• Certain sets up a Check-In App SSO for the system (System Master users only).
• Account or Sub-Account: No configuration is required in an account or sub-account.
• If a CHECK-IN APP SSO is enabled for a system, it is automatically enabled for all accounts and sub-accounts.
• Event: No configuration is required at the event level for this SSO.
• Check-In Users: When a Certain user logs in to the Certain Check-In app on a mobile device, they can click the gear icon on the page to select the SSO and use those credentials to log in.
• Check-In Users: The Check-In app can be used to check attendees in at an event.
• Note: Only one CHECK-IN APP SSO can be activated for a system at any one time.

If you need more details or specific phrasing for any subsection, I can adjust while preserving all original meanings exactly.